Skip to main content

Notify configuration changes

Summary

The system must notify the users whenever their authentication details or other security settings are changed.

Description

Most systems allow their users to modify relevant information, such as access credentials and contact data. Users should be notified whenever any of these or other security settings are modified, as it could be a part of several types of attacks, e.g., account takeover attacks.

Supported In

This requirement is verified in following services:

PlanSupported
Machine🔴
Squad🟢
One-Shot🟢

References

Vulnerabilities